refactor(snap): Remove obsolete parts, upgrade Go, build nginx

snap/snapcraft.yaml

@@ -6,49 +6,14 @@ adopt-info: metadata
 # Different epochs prevent refreshes between major versions of EdgeX due
 # to continued configuration changes.
 #
-# delhi: 0, edinburgh: 1, fuji: 2, geneva: 3, hanoi: 4, ireland/jakarta: 5, kamakura:6 
-epoch: 6
+# delhi: 0, edinburgh: 1, fuji: 2, geneva: 3, hanoi: 4
+# ireland/jakarta: 5, kamakura/levski:6, minnesota: 7
+epoch: 7
 
 architectures:
   - build-on: arm64
   - build-on: amd64
 
-# we need snapd2.45 for setpriv policy allowing it's usage of
-# setgroups(0,<not NUL>)
-# see https://github.com/snapcore/snapd/pull/8220 for full details
-assumes: [snapd2.45]
-
-# postgres needs to run as the snap_daemon user
-system-usernames:
-  snap_daemon: shared
-
-# Ideally snapcraft would generate this command-chain spec for the hooks
-# automatically, but that doesn't currently work, see
-# https://bugs.launchpad.net/snapd/+bug/1824255
-# In the meantime, make sure that the snapcraft-runner gets generated by
-# the apps by specifying the full adapter in at least one of the apps, and
-# manually craft the command-chain for the configure hook here to passthrough
-# to the snap.yaml
-# All of this is necessary so we can use jq and other tools from inside the
-# snap in the configure and install hooks
-# See also https://bugs.launchpad.net/snapcraft/+bug/1848381 for specifying
-# environment for hooks
-passthrough:
-  hooks:
-    configure:
-      command-chain:
-        - snap/command-chain/snapcraft-runner
-      plugs: [network]
-    install:
-      environment:
-        LC_ALL: C.UTF-8
-        LANG: C.UTF-8
-        SNAPCRAFT_PRELOAD_REDIRECT_ONLY_SHM: 1
-      command-chain:
-        - snap/command-chain/snapcraft-runner
-        - bin/snapcraft-preload
-      plugs: [network]
-
 plugs:
   # This content interface provides a mechanism for the edgexfoundry
   # snap to shared vault secret tokens in order for services in external
@@ -60,12 +25,7 @@ plugs:
     content: edgex-secretstore-token
     target: $SNAP_DATA/mount/secrets
 
-# kong runs things through luarocks and luarocks expects it's configuration to
-# be located here and we can't override this at runtime, so map what's in
-# $SNAP to the expected location
 layout:
-  /etc/luarocks:
-    bind: $SNAP/etc/luarocks
   /usr/local:
     bind: $SNAP/usr/local
   /usr/nginx:
@@ -349,55 +309,10 @@ apps:
 parts:
   static-packages:
     plugin: nil
-    # the default source for a part that doesn't specify one is ".", which
-    # then means snapcraft will scan the full git directory here and determine
-    # that if anything changed, i.e. the config-common parts with
-    # actual scripts, etc. this part also gets marked out of date too and needs
-    # rebuilding, even though this part really only depends on a stage-package
-    # to resolve this we can just specify the source of something that changes
-    # infrequently and will minimize unnecessary part re-building by snapcraft
-    source: snap/local/build-helpers
     stage-packages:
       - apg
       - curl
       - jq
-      # setpriv with snapd 2.45 + can be used to drop privileges
-      # base: core18 snaps should stage setpriv while base: core20 should stage util-linux. 
-      - util-linux
-
-  # snapcraft-preload is necessary to make postgres just use a different
-  # lockfile location in /dev/shm
-  # snapcraft-preload defines LD_PRELOAD to be a dynamic library compiled here
-  # which will redirect things like open() that are being called with absolute
-  # paths such as /dev/shm/some-dir to snap-specific, confinement supported
-  # paths like /dev/shm/$SNAP_INSTANCE_NAME.some-dir before being passed to the
-  # actual open() implementation
-  # this prevents re-compiling or patching certain applications like postgres
-  # to use snap security confinement friendly paths
-  # NOTE: if this ever breaks in really scary ways when compiling with lots of
-  # warnings, see the comment on the kong part, tldr probably some other C/C++
-  # part in the build broke snapcraft-preload by running before
-  # snapcraft-preload
-  snapcraft-preload:
-    source: https://github.com/sergiusens/snapcraft-preload.git
-    # unfortunately no tags or releases we can rely on, so just hard-code
-    # master at the time of writing for this
-    source-commit: b8ed08c01c4461e69772f9230ee8d30fe2a2ea56
-    plugin: cmake
-    build-packages:
-      - to arm64:
-          - g++-multilib-arm-linux-gnueabihf
-          - gcc-multilib-arm-linux-gnueabihf
-      - else:
-          - gcc-multilib
-          - g++-multilib
-    stage-packages:
-      - to amd64:
-          - lib32stdc++6 
-    override-build: |
-      cd $SNAPCRAFT_PART_SRC 
-      cmake -DCMAKE_INSTALL_PREFIX=$SNAPCRAFT_PART_INSTALL/ .
-      make install
 
   # For inspiration see
   # - https://github.com/ogra1/nginx-snap
@@ -406,6 +321,9 @@ parts:
   # We enable SSL and reverse proxy and compression and disable almost everything else
   nginx:
     source: https://github.com/nginx/nginx.git
+    # Use branch instead of tag to limit the git cloning depth
+    source-branch: release-1.23.3
+    source-depth: 1
     plugin: autotools
     autotools-configure-parameters:
       - --prefix=/usr/nginx
@@ -477,22 +395,20 @@ parts:
     prime:
       - -usr/nginx/logs
 
-  go-build-helper:
-    plugin: dump
-    # see comment for static-packages part about specifying a source part here
-    source: snap/local/build-helpers
+  go-builder:
+    plugin: nil
     build-snaps:
-      - go/1.18/stable
+      - go/1.20/stable
     prime: [-*]
 
-  config-common:
+  runtime-helpers:
     plugin: dump
     source: snap/local/runtime-helpers
 
   helper-go:
     source: snap/local/helper-go
     plugin: make
-    after: [go-build-helper]
+    after: [go-builder]
     override-build: |
       cd $SNAPCRAFT_PART_SRC
       make build
@@ -541,7 +457,7 @@ parts:
   edgex-go:
     after: 
       - metadata
-      - go-build-helper
+      - go-builder
     source: .
     plugin: make
     override-build: |
@@ -610,8 +526,7 @@ parts:
       - zip
       - pkg-config
 
-  # SECURITY SERVICES PARTS
-  vault:    
+  vault:
     plugin: nil
     build-packages:
       - curl